Sky Gunning » Myspeach » 3.0.7 : Security Vulnerabilities, CVEs,
Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
Max CVSS
5.8
EPSS Score
0.68%
Published
2007-04-09
Updated
2017-10-11
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
Max CVSS
6.8
EPSS Score
1.10%
Published
2007-04-09
Updated
2017-10-11
2 vulnerabilities found